Тема: [manual, FreeBSD, network] fail2ban: настройка (Прочитано 5243 раз)

adc · « : 18 Декабря 2013 года, 07:11 »

#######################################################################
###  Fail2Ban main configuration file  ################################
#######################################################################


[Definition]
loglevel = 3
logtarget = /var/log/fail2ban.log
socket = /var/run/fail2ban/fail2ban.sock

Код: (jail.conf) [Выделить]

[DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 1800
findtime = 600
maxretry = 5
backend  = auto

[ftp-ipfw]
enabled  = true
filter   = bsd-ftp
action   = bsd-ipfw[table=3]
logpath  = /var/log/auth.log

[pop3imap-ipfw]
enabled  = false
filter   = dovecot
action   = bsd-ipfw[table=4]
logpath  = /var/log/dovecot.log

[ssh-ipfw]
enabled  = true
filter   = bsd-sshd
action   = bsd-ipfw[table=5]
logpath  = /var/log/auth.log

Код: (action.d/bsd-ipfw.conf) [Выделить]

[Definition]
actionstart = 
actionstop = 
actioncheck = 
actionban = /sbin/ipfw table <table> add <ip>
actionunban = /sbin/ipfw table <table> delete <ip>

Код: (filter.d/bsd-ftp.conf) [Выделить]

[INCLUDES]
before = common.conf


[Definition]
_daemon = ftpd
failregex = ^%(__prefix_line)sFTP LOGIN FAILED FROM <HOST>,\s*.*$
#     \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
#     \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
#     \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
#     \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
#
# May 28 15:11:53 freebsd4 ftpd[26191]: FTP LOGIN FAILED FROM freebsd4, dsf
#
ignoreregex =

Код: (filter.d/bsd-sshd.conf) [Выделить]

[INCLUDES]
before = common.conf


[Definition]
_daemon = sshd
failregex = ^%(__prefix_line)s(?:error: PAM: )?[A|a]uthentication (?:failure|error) for .* from <HOST>\s*$
            ^%(__prefix_line)sDid not receive identification string from <HOST>$
            ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
            ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
            ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
            ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
            ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
            ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
            ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!$

ignoreregex =

Код: (filter.d/dovecot.conf) [Выделить]

[Definition]
failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*

ignoreregex =

Добавить в правила ipfw

Код: (ipfw.rules) [Выделить]

# Block bad IP by Fail2Ban
${fwcmd} add deny ip from { table\(3\) or table\(4\) or table\(5\) } to any

"Форум на сайте Чагадаева"

Новости:

Автор Тема: [manual, FreeBSD, network] fail2ban: настройка (Прочитано 5243 раз)

adc

[manual, FreeBSD, network] fail2ban: настройка